3dcart
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the
@membranehq/clipackage via NPM. This is a verified utility provided by the vendor for managing integrations and authentication. - [COMMAND_EXECUTION]: The documentation contains instructions for executing various CLI commands through the
membraneutility, includinglogin,connect, andaction run, which are necessary for the skill's operational logic. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it retrieves and processes data from the 3dcart e-commerce platform.
- Ingestion points: Data ingested via
membrane action runandmembrane request(documented in SKILL.md). - Boundary markers: No delimiters or specific safety markers are implemented to isolate external data from the system prompt.
- Capability inventory: Terminal command execution and network API proxy access via the
membraneCLI. - Sanitization: The skill does not explicitly define sanitization or validation routines for data fetched from external API endpoints.
Audit Metadata